Django 1.9.13 release notes

Django 1.9.13 fixes two security issues and a bug in 1.9.12. This is the final release of the 1.9.x series.

Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

Note, however, that this view has always carried a warning that it is not hardened for production use and should be used only as a development aid.